
Security on the Advance (进击的安全)

mylamour opened this issue 7 years ago • 3 comments


As a kid I often watched an older boy play with Gray Pigeon (灰鸽子) trojans, QQ phishing and the like. In 2013 I got my own computer, and around November I went looking for all kinds of toolkits; after that I often stayed up late "cultivating", still with little to show for it. With many other things going on I stopped and started, but never dared to give up. Since November 2016 I have devoted myself to this path; knowing I am a nobody, I simply have to work hard. Because what I have learned is scattered and I am expert in little of it, I keep this record, adding, deleting and patching as I go, to show an ordinary person's effort, in the hope of getting something out of it, and to keep pressing on and searching high and low. If it is of any use to those who come after, I will be very glad.

The following comes from my logs and is incomplete. There are also two fragmentary notebooks, as follows:

2016.12.05:

  • https://www.zhihu.com/question/48187821

An insanely awesome one-liner of JS

  • www.jsfuck.com

2017.08.07:

  • Lately I've been playing with the LAN Turtle and a Leonardo; not bad

2017.09.18:

  • https://github.com/kevthehermit/PasteHunter

Scans data scraped from Pastebin with Yara rules

2017.09.19:

  • https://github.com/Neo23x0/signature-base/blob/master/iocs

Update (11.4): Awesome IOC

  • https://github.com/sroberts/awesome-iocs

2017.10.03:

  • https://github.com/CaledoniaProject/LiMEaide

Dumps memory remotely

2017.10.19:

  • https://github.com/kbandla/aptnotes

APT report documents

2017.10.23:

  • http://www.forensicswiki.org/wiki/List_of_Jump_List_IDs
  • http://windows.microsoft.com/en-US/windows7/products/features/jump-lists
  • https://countuponsecurity.com/2016/05/18/digital-forensics-shimcache-artifacts/

Several indispensable artifacts in APT detection: Recent File Cache, AmCache, ShimCache

2017.10.24:

  • https://www.amazon.com/Penetration-Testing-shell-Keith-Makan/dp/1849695105

Spent most of a day skimming this book; meh, not great.

  • https://github.com/leebaird/discover

Custom bash scripts for Kali Linux that save time during pentests.

2017.10.25:

  • https://github.com/Invoke-IR/PowerForensics

A PowerShell forensics library; in fact much of what is used to gather information during a pentest can also be used for forensics

  • https://github.com/PowerShellMafia/PowerSploit
  • https://github.com/PowerShellEmpire/PowerTools

2017.10.26:

  • https://github.com/vulhub/vulhub

A very good pentest learning environment, built with Docker, from P牛

2017.10.31:

  • https://github.com/0xdeadbeefJERKY/Office-DDE-Payloads
  • https://github.com/subTee/PoshRat

The PoshRat script gives you a reverse PowerShell. update (11.4): the PoshRat project has been removed; attached PoshRat.zip from my local machine

  • https://github.com/threatstream/mhn

MHN is a centralized server for management and data collection of honeypots; haven't had a chance to try it yet

2017.11.03:

  • Image File Execution Options

From the Vault7 documents; modifies the registry

2017.11.05:

  • http://car.mitre.org
  • http://attackl.mitre.org
  • https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon
  • https://github.com/Neo23x0/sigma

Sysmon is used to collect system logs, then Sigma is used to read and analyze them

  • https://github.com/SwiftOnSecurity/sysmon-config
  • https://github.com/MHaggis/sysmon-dfir

2017.11.06:

  • https://github.com/HoLyVieR/dnsbin

Transfers data over DNS; has a client and a server, and you change the config file on the server that resolves your domain. update (11.21): https://github.com/evilsocket/sg1

2017.11.08:

  • https://github.com/DictionaryHouse

Wordlist house (字典屋)

  • https://github.com/Lucifer1993/AngelSword/

Automated CMS attack tool. update (11.17): https://github.com/Moham3dRiahi/XAttacker

2017.11.09:

  • http://hackthebox.eu

Registered an account, starting to play around

  • https://github.com/iAbadia/Volatility-Plugin-Tutorial

How to write Volatility plugins

  • https://github.com/b3rito/yodo

One-click privilege escalation exploit script using dirtycow and zuzu

2017.11.10:

  • https://github.com/Koodous/androguard-yara

Used to generate Yara-related rules for an APK. https://github.com/InQuest/awesome-yara

  • https://github.com/dkovar/analyzeMFT

analyzeMFT parses MFT files; use The Sleuth Kit to extract the MFT. The py2exe-packaged exe is not standalone; not sure how pyinstaller would do

mmls xxxx.raw                                            # list the partitions in the raw image with their starting sector offsets
icat -i raw -f ntfs -o offset ./imagefile 0 > xxx.mft    # extract $MFT (NTFS metadata entry 0) from the partition at that sector offset

2017.11.14:

  • https://github.com/MechanicalSoup/MechanicalSoup

Python scraping library, very nice

rundll32 mimikatz,main

2017.11.15:

  • https://virusshare.com/

Virus MD5 signature files

2017.11.21:

  • https://github.com/embedi/CVE-2017-11882

The hottest thing today; I guess everyone is sharpening their knives. CVE-2017-11882-master.zip. Why so many Office bugs lately...

mylamour · Nov 05 '17 13:11

Why are poorly skilled attackers successful? In the land of the blind, the one-eyed man is king.

mylamour · Nov 05 '17 17:11

  • 824696955 idcard 528.9gb 264.4gb 2017.11.27 credit-reporting data; all the other data together comes to 4T

mylamour · Nov 28 '17 03:11

2017.11.29:

  • https://github.com/tabulapdf/tabula

Extract IOCs from malicious PDFs

2017.12.04:

  • https://github.com/cryptolok/CryKeX

Reads passwords? Tested it, doesn't seem to work

2017.12.27:

  • https://github.com/mattifestation/WMI_Backdoor
  • https://github.com/aboutsecurity/rastrea2r

Remote yara scanning; actually it just spins up an HTTP service...

2018.01.11:

  • https://github.com/StreisandEffect/streisand

Hide yourself, worth having; there is also securityonion

2018.01.12:

  • https://github.com/moul/advanced-ssh-config

2018.01.30:

  • https://github.com/mehulj94/BrainDamage
  • https://github.com/byt3bl33d3r/gcat

C2 servers, telegram, gmail

  • https://github.com/nettitude/PoshC2

powershell

2018.02.05:

  • https://github.com/g0tmi1k/mpc
  • https://github.com/Veil-Framework/Veil-Evasion
  • https://github.com/Veil-Framework/Veil

One-click generation of msf payloads

2018.02.23:

  • https://github.com/wenfengshi/ddos-dos-tools
  • https://github.com/firefoxbug/ddos
  • https://github.com/cyweb/

2018.04.03:

  • https://github.com/tiagorlampert/CHAOS

A backdoor exploitation tool written in Go; it seems Empire has also released an upgraded version. Today reminded me to study harder so I don't end up a noob.

mylamour · Feb 14 '18 04:02